10772207 Security Requirement Determination - Results 



Patent Literature Abstracts

8/3, K/1 (Item 1 from file: 350) 

DIALOG(R) File 350: Derwent WPIX

(c) 2010 Thomson Reuters. All rights reserved. 

0017350069 Drawing available 

WPI Acc no: 2008-B70508/200812

XRPX Acc No: N2008-135089

Computer code object runtime execution dynamically optimizing method, involves

Alerting Abstract ...NOVELTY - The method involves allowing requested permission for
sequential stack frames in a call stack, and evaluating security elements associated with the
requested permission and each stack frame of the call stack for determining whether the
permission can be optimized. A future request is automatically promoted for the same
permission into a permission assertion, if the permission is optimized. Execution is
continued if the permission is not optimized.

Original Abstracts: The invention relates to a system and method for efficient security
runtime. If the same security demand for permissions occurs twice during the same code
path (i.e. execution stack) the latter can be automatically turned (optimized) into a security
assertion based on the stack frame. If the method being called has been allowed to
execute before then a demand may be replaced with an assertion for the same
permissions within the call stack. If that frame was executed then it means the security
demand was successfully evaluated. Furthermore, if the permission evaluation result is
known to be static (e.g., its result will not change) it can be determined that another check
on the same permissions is not required higher on the stack, so this demand can safely be
replaced by an assertion, which can effectively speed up the code execution...

...Claims: 1. A computer-implemented method of dynamically optimizing runtime execution
of computer code object on a computer by applying stack manipulation techniques,
comprising: performing a stack walk for evaluating whether a requested permission is
allowed for the plurality of sequential stack frames of a call stack; if the requested
permission is not allowed for at least one of the sequential stack frames in the call stack,
then creating a security exception; if the requested permission is allowed for the plurality
of sequential stack frames in the call stack, then evaluating security elements associated
with the requested permission and each stack frame of the call stack for determining
whether the permission can be optimized; if yes, then automatically promoting a future
request for the same permission into a permission assertion; if not, then continuing with
the execution.

Called code frame execution determination method involves determining whether
requested permission is associated with code assembly, responsive to demanding
operation

Patent Assignee: MICROSOFT CORP (MICT)

Alerting Abstract ...NOVELTY - The method involves dynamically overriding a set of
permissions assigned to a permission grant object associated with a code assembly
preceding another code assembly. The requested permission is determined whether it is
associated with the code assembly, responsive to the demanding operation. Execution of
called code frame is permitted to perform protected operation, if the requested permission
is provided in association with the code assembly. ... computer program product for
determining whether requested permission is satisfied within runtime call stack; and
runtime system for determining whether requested permission is satisfied within runtime
call stack USE - For determining whether requested permission for executing called
code frame, is within runtime call stack...

Original Abstracts:A system and method determine whether a called code frame has a 
requested permission available to it, so as to be able to execute a protected operation. A 
code frame is contained within a code assembly received from a remote or local resource 
location. A policy manager generates a permission grant set containing permission grant 
objects associated with the code assembly. Both the permission grant set and the code 
assembly are loaded into a runtime call stack for runtime execution of one or more code 
frames. Calls to other code frames may involve loading additional code assemblies and 
permission grant sets into the runtime call stack. In order for a called code frame to 
perform a protected operation, the code frame demands a requested permission from its 
calling code frame and all code frames preceding the calling code frame on the runtime call 
stack as part of a stack walk operation. If the calling code frame and the preceding call 
frames can satisfy the requested permission, the called code frame can perform the 
protected operation (absent stack overrides). Otherwise, a security exception is thrown and 
the called code frame is inhibited from performing the protected operation (absent stack 
overrides). Stack overrides may be employed to dynamically modify the stack walk 
operation. To increase performance, a stack walk may be avoided by caching an 
intersection of the permission grants of all code assemblies in the application.

Claims: We claim: 1. A method of determining whether a requested permission, wherein the
permission is at least one of a set of permissions, requested by a called code frame, is
satisfied within a runtime call stack so as to allow the called code frame to perform a
protected operation, the method comprising: associating a first permission grant object
with a first code assembly in the runtime call stack; dynamically overriding the set of
permissions that is assigned to a second permission grant object associated with a
second code assembly preceding the first code assembly; creating a permission request
object within the called code frame to demand the requested permission; demanding via
the permission request object the requested permission from the first permission grant
object to allow the called code frame to perform the protected operation; determining
whether the requested permission is provided in association with the first code assembly
by the first permission grant object, responsive to the demanding operation;
and permitting the execution of the called code frame to perform the protected operation, if
the requested permission is provided in association with the first code assembly, whereby
a full walk of the runtime call stack may be avoided.

Computer-implemented program i.e. software program, optimization performing
method for post-link monitoring and optimization tool, involves optimizing
modified program code responsively to clone-specific profile data

Patent Assignee: HABER G (HABE-I); LEVIN R (LEVI-I); UR S (URSS-I)
Inventor: HABER G; LEVIN R; UR S

Patent Family (1 patents, 1 countries)
Patent Number Kind Date Application Number Kind Date Update Type
US 20090055813 A1 20090226 US 2007842180 A 20070821 200917 B

Priority ... 20070821
Patent Details
Patent Number Kind Lan Pgs Draw Filing Notes


Alerting Abstract ...a function in a program code, and cloning the function to create a
modified program code having a set of instances of the function. Call paths of the function
are distributed in a modified program code to assign respective modified call path to each
instance of the function. The modified program code is executed while accumulating
respective clone-specific profile data for the instances of the function of each thread in
order to determine the calling function of the executed instruction. The method utilizes
efficient profiling technique, and avoids the overhead of stack walking at each sampled
event or instruction. The method enables collection of calling context hardware events
easily...

...Original Abstracts: profiling methods such as hardware event sampling, basic block
profiling, and edge profiling may then be applied to the modified program code to obtain call
path-based, clone-specific profile data. The profile data can be further exploited to optimize
the program code.

...Claims: of program optimization, comprising the steps of: identifying a function in
program code, said function having call sites, said call sites each having respective call
paths leading thereto; cloning said function to create a modified program code having a
plurality of instances of said function therein; distributing said call paths of said function in
said modified program code to assign a respective modified call path to each of said
instances of said function; executing said modified program code while accumulating
respective clone-specific profile data for said instances of said...

Hybrid stack walking method of call stack, involves performing managed stack
walk on call stack and native stack walk on native frames of call stack

Patent Assignee: MICROSOFT CORP (MICT)
Inventor: GOLDIN M; WIJERATNA T

Patent Family (2 patents, 1 countries)

Patent Number Kind Date Application Number Kind Date Update Type
US 20060212844 A1 20060921 US 200583843 A 20050318 200675 B
US 7574702 ... 20090811 US 200583843 A 20050318 2009... E

Priority Applications (no., kind, date): US 200583843 A 20050318
Patent Details
Patent Number Kind Lan Pgs Draw Filing Notes
US 20060212844 A1

Alerting Abstract ...NOVELTY - A managed stack walk is performed on a call stack
comprising several managed frames and native frames associated with a mixed code. A
native stack walk is performed on the native frames of the call stack, to obtain hybrid
stack walking. ... computer readable medium comprising instructions for hybrid stack
walking; and computer USE - For identifying critical paths of call stack
ADVANTAGE - The hybrid stack walking is performed for assembling information about
executing modules or functions in the code...

Original Abstracts: In one embodiment, a method and apparatus for stack walking a call
stack associated with mixed code, by interleaving a native stack walking process with a
managed stack walking process. Mixed code comprises at least one managed instruction
and at least one native instruction, and the call stack comprises at least one managed
frame managed frames being associated with the managed instructions, and the native
frames being associated with native instructions. The method comprises acts of performing
a managed stack walk on the call stack, a native stack walk on native frames of the call
stack. In a further embodiment, handling indirect jumps during a native stack walk, and in
another embodiment, detecting validity of a memory address.

Claims: What is claimed: 1. A method of stack walking a call stack associated with mixed
code, wherein the mixed code comprises at least one managed instruction and at least one
native instruction, the call stack comprises at the at least one native frame being
associated with the at least one native instruction, the method comprising the acts of: (A)
performing a managed stack walk on the call stack; and (B) performing a native stack
walk on the at least one native frame of the call stack

What is claimed: 1. A method of
stack walking a call stack associated with mixed code, wherein the mixed code comprises
at least one managed instruction and at least one native instruction, the method comprising
the acts one native frame being associated with a second function having at least one
native instruction, the native frame containing a second return address; performing a stack
walk of the call stack to detect a managed frame on the call stack; in response to
detecting a managed frame on the call stack, performing a managed stack walk of
managed frames on the call stack to resolve the managed frames on the call stack; and
after performing the managed stack walk, performing a native stack walk of native
frames on the call stack to resolve the native frames on the call stack, including native
frames between managed frames.

Call chain identification method in interrupted program, involves updating
instruction and stack pointers based on distance variables on which selected

Alerting Abstract ...stack with return address, stack and instruction pointers is received.
The calculations to be performed on distance variables are selected based on instructions
identified on path of instructions. The selected calculations are performed on variables. The
instruction and stack pointers are updated using calculated variables, and list of instruction
pointer is ...

...Claims: while the call stack still contains return addresses, performing the
following, following the control flow in a binary image, from the instruction pointer, through
a path of instructions, to a return instruction; selecting calculations to perform on distance
variables based on instructions identified in the path of instructions; performing the selected
calculations on the distance variables; using the calculated distance variables to update the
instruction pointer and stack pointer; and returning comprising, a binary image with an
associated stack frame; an interrupt program that interrupts the application program and
saves the execution state, and calls a stack walking program; and the stack walking
program comprising, instructions for walking forward through binary images to identify
instructions used to calculate offsets into the stack frame associated with the binary
image...

Computer system for Java language applications, has compiler which compiles
fragment of code of particular application

Alerting Abstract ...NOVELTY - A compiler is configured to compile a fragment of the code
of an application (24). The fragment of code is a dominant path fragment which comprises
one or more blocks of code.

Original Abstracts: A computer system described may have features relating to one or
more of dynamic compilation of a dominant path, including using pre-exception condition
checks, outliers and/or class loaders, to dispatch mechanisms for interface methods, to
management and deletion of code buffers, to A method and system of memory
management using stack walking. The method of managing memory in a computer
system includes identifying compiled code to be deleted, examining the return addresses of
the frames in the... dominant code blocks are stored in one portion of the memory and the
outliers are stored in another portion of the memory. Storing the dominant path code
separate from the outliers increases efficiency of the system A dynamic compiler and
method of compiling code to generate a dominate path and handle exceptions. The
dynamic compiler includes an execution history recorder that is configured to record the
number of times a fragment of code is interpreted came from and where transfer of
control goes to for each fragment of code that is executed, thereby allowing for compilation
of a dominant path of code. If the execution of code deviates from the dominant path of
compiled code (such as when an exception occurs), a fallback interpreter is utilized to
interpret the fragment of code to be executed... A method and a system of memory
management using stack walking. The method of managing memory in a computer
system includes identifying compiled code to be deleted, examining the return addresses of
the frames in the stack code blocks are stored in one portion of the memory and the
outliers are stored in another portion of the memory. Storing the dominant path code
separate from the outliers increases efficiency of the system... A dynamic compiler and
method of compiling code to generate a dominate path and handle exceptions. The
dynamic compiler includes an execution history recorder that is configured to record the
number of times a fragment of code is interpreted came from and where transfer of
control goes to for each fragment of code that is executed, thereby allowing for compilation
of a dominant path of code. If the execution of code deviates from the dominant path of
compiled code (such as when an exception occurs), a fallback interpreter is utilized to
interpret the fragment of code to be executed A computer system described may have
features relating to one or more of dynamic compilation of a dominant path, including using
pre-exception condition checks, outliers and/or class loaders, to dispatch mechanisms for
interface methods, to management and deletion of code buffers, to test...

...Claims: a program during execution of a program, the method comprising the steps of:
(a) first determining whether a first piece of code includes a dominant path therethrough
formed of a series of program instructions for execution one after another in sequence
during execution of the dominant path; (b) first determining whether the first piece of code
includes a control transfer instruction therein; (c) first compiling the first piece of code by
the execution of the program to provide a first piece of compiled code only if the first
piece of code is determined to be a dominant path and the control transfer instruction is
determined to be present in the first piece of code; (d) second compiling a second piece of
code by a compiler manager coupled thereto and a threshold number of executions for
a threshold comparison with a recorded number of times to determine a dominant path
having a fragment to be compiled therein; a compiler queue of fragments to be compiled for
receiving the fragment to be compiled and a successor a received fragment to be
compiled and the corresponding successor fragment of the received fragment to be
compiled, and (ii) to create a compiled dominant path from the received fragment to be
compiled, the corresponding successor fragment being compiled in accordance with its
correspondence with the fragment to be compiled and reached the threshold number of
executions; the execution history recorder being further configured to record from where a
transfer of control into the compiled dominant path came and to where control is
transferred out of the compiled dominant path; a queue duration determination including (i)
a determination whether the length of the compiler queue has exceeded a predetermined
length and (ii) a determination whether...

Unified data type system and method

Specification: ...loads the files for execution. The loader 530 receives the executable file
and resolves necessary references and loads the code. The environment may provide a
stack walker 532, i.e., the piece of code that manages the method calls and provides for
the identification of the sequence of method calls on a to be executed. The execution
environment may further provide a security module 536 to prevent unauthorized use of
resources by determining whether certain code has permission to access certain system
resources (or even execute at all). The runtime environment may further provide memory
management services, such as a garbage collector 538...



(Basic)
Method and architecture to support multiple services in label switched networks

Method and architecture for supporting multiple services in a label switching network

Method and architecture enabling multiple services in a label switched network

Specification: ...similar messaging protocols. This modified version of SIP will be referred
to in the following description as SIP++. An extension to the IETF Common Open Policy
Service (COPS) in provides communication between the physical MPLS network and its
control services. Call Walkthrough for Successful Call

A call walkthrough for a successful call is illustrated diagrammatically in figure 3. This figure
corresponds to the level of detail shown in figure 1 ...

Specification: ...different address space.

The queuing mechanism and scheduling policies are associated with the port object and are
not specific to the capability engine 300. The specific scheduling queuing policy the
capability engine 300 will call may be altered on a port by port basis via calls to the
capability engine 300. There are two... for the CONTROLLED placement of data into
UNMAPPED portions of the task's address space, only MAPPED ones. UNMAPPED placement
is supported through the simple model via a capability call on the target capability. There
is currently no plan to include this option in the by-reference case as it can be mimicked by
first optimizations based on roll in of additional function is required, a separate new
library should be created. This library is free to borrow interface and execution path
notions from the message passing library 220, but is not obligated to do so. Such a library
would operate on top of the capability engine...

Specification: ...different address space.

The queuing mechanism and scheduling policies are associated with the port object and are
not specific to the capability engine 300. The specific scheduling queuing policy the
capability engine 300 will call may be altered on a port by port basis via calls to the
capability engine 300. There are two... allow for the CONTROLLED placement of data into
UNMAPPED portions of the tasks address space, only MAPPED ones. UNMAPPED placement
is supported through the simple model via a capability call on the target capability. There
is currently no plan ... optimizations based on roll in of additional function is required, a
separate new library should be created. This library is free to borrow interface and
execution path notions from the message passing library 220, but is not obligated to do